Fluid Attacks Database

Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glibc	=2.36-9 \|\| =2.36-9+deb12u1 \|\| =2.36-9+deb12u2 \|\| =2.36-9+deb12u3 \|\| >=0 <2.36-9+deb12u4	2.36-9+deb12u4
debian 13	glibc	>=0 <2.37-15	2.37-15
debian 14	glibc	>=0 <2.37-15	2.37-15

Aliases

1. CVE-2023-67802. NVD-2023-67803. OSV-DEBIAN-2023-67804. OSV-2023-67805. SECURITY-TRACKER-CVE-2023-6780

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.